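<?php
$connection = '';

// Read the token before a fresh one may be generated below: an empty value
// marks a session that had no token yet, which the logout branch and
// auth_error() use to tell "no session" from "wrong token".
$token = $_SESSION["token"];
if (!$_SESSION["token"]) {
	// Defense against cross-site request forgery. The token must be
	// unguessable, so it is drawn from the CSPRNG (random_int, PHP 7+) over a
	// 31-bit range that still fits a 32-bit int; older PHP keeps the
	// original rand() draw.
	$_SESSION["token"] = (function_exists('random_int') ? random_int(1, 2147483647) : rand(1, 1e6));
}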
// Permanent logins travel in one cookie as space-separated "KEY:CIPHER"
// entries; index them by KEY so a later login for the same KEY replaces it.
$permanent = array();
$permanent_cookie = $_COOKIE["adminer_permanent"];
if ($permanent_cookie) {
	foreach (explode(" ", $permanent_cookie) as $entry) {
		$entry_parts = explode(":", $entry, 2);
		$permanent[$entry_parts[0]] = $entry;
	}
}
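// Explicit login: only an array-shaped auth[] form submission counts. A scalar
// "auth" value would make the offset reads below fail (TypeError on PHP 8) and,
// because the token reset later in this file keys off $auth, it is normalised
// to null rather than left truthy.
$auth = (is_array($_POST["auth"]) ? $_POST["auth"] : null);
if ($auth) {
	session_regenerate_id(); // defense against session fixation
	// credentials for later requests live in the session; the cookie below
	// only ever receives the encrypted form
	$_SESSION["pwds"][$auth["driver"]][$auth["server"]][$auth["username"]] = $auth["password"];
	$_SESSION["db"][$auth["driver"]][$auth["server"]][$auth["username"]][$auth["db"]] = true;
	if ($auth["permanent"]) {
		// cookie key: base64 parts joined by "-", a character base64 never produces
		$key = base64_encode($auth["driver"]) . "-" . base64_encode($auth["server"]) . "-" . base64_encode($auth["username"]) . "-" . base64_encode($auth["db"]);
		$private = $adminer->permanentLogin();
		// without a private key the entry records only the login target (empty cipher)
		$permanent[$key] = "$key:" . base64_encode($private ? encrypt_string($auth["password"], $private) : "");
		cookie("adminer_permanent", implode(" ", $permanent));
	}
	if (count($_POST) == 1 // 1 - auth
		|| DRIVER != $auth["driver"]
		|| SERVER != $auth["server"]
		|| $_GET["username"] !== $auth["username"] // "0" == "00"
		|| DB != $auth["db"]
	) {
		redirect(auth_url($auth["driver"], $auth["server"], $auth["username"], $auth["db"]));
	}
} elseif ($_POST["logout"]) {
	// $token is the value read before any new token was generated, so a session
	// without one (expired) may log out without a CSRF check. Compare as strings
	// so that loose numeric coercion cannot accept a differently written value.
	if ($token && (string) $_POST["token"] !== (string) $token) {
		page_header(lang('Logout'), lang('Invalid CSRF token. Send the form again.'));
		page_footer("db");
		exit;
	} else {
		foreach (array("pwds", "db", "dbs", "queries") as $key) {
			set_session($key, null);
		}
		unset_permanent();
		redirect(substr(preg_replace('~(username|db|ns)=[^&]*&~', '', ME), 0, -1), lang('Logout successful.'));
	}
} elseif ($permanent && !$_SESSION["pwds"]) {
	// Fresh session with a permanent-login cookie: restore the stored credentials.
	session_regenerate_id();
	$private = $adminer->permanentLogin(); // try to decode even if not set
	foreach ($permanent as $key => $val) {
		$parts = explode(":", $val);
		$target = array_map('base64_decode', explode("-", $key));
		if (count($parts) < 2 || count($target) < 3) {
			continue; // malformed cookie entry; do not create empty-keyed session entries
		}
		list($driver, $server, $username) = $target;
		$db = (count($target) > 3 ? $target[3] : null); // older cookies carried no database part
		$_SESSION["pwds"][$driver][$server][$username] = decrypt_string(base64_decode($parts[1]), $private);
		$_SESSION["db"][$driver][$server][$username][$db] = true;
	}
}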
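/** Remove the permanent logins stored for the current driver, server and username
* and write the remaining entries back to the adminer_permanent cookie
* Reads and updates the global $permanent map (cookie key => "KEY:CIPHER").
* @return null
*/
function unset_permanent() {
	global $permanent;
	$username = (string) $_GET["username"];
	foreach ($permanent as $key => $val) {
		// cookie key is base64(driver)-base64(server)-base64(username)-base64(db)
		$parts = array_map('base64_decode', explode("-", $key));
		if (count($parts) < 3) {
			continue; // malformed entry, nothing to match against
		}
		// strict string comparison so that e.g. "0" and "00" are not treated as equal
		if ($parts[0] === (string) DRIVER && $parts[1] === (string) SERVER && $parts[2] === $username) {
			unset($permanent[$key]);
		}
	}
	cookie("adminer_permanent", implode(" ", $permanent));
}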
/** Print the login form together with the reason the current credentials were rejected
* @param object exception whose message is reported; null to derive the message from $connection
* @return null
*/
function auth_error($exception = null) {
	global $connection, $adminer, $token;
	$session_name = session_name();
	$error = "";
	if (!$_COOKIE[$session_name] && $_GET[$session_name] && ini_bool("session.use_only_cookies")) {
		// session id arrived in the URL only, but PHP accepts it solely from a cookie
		$error = lang('Session support must be enabled.');
	} elseif (isset($_GET["username"])) {
		if (($_COOKIE[$session_name] || $_GET[$session_name]) && !$token) {
			$error = lang('Session expired, please login again.');
		} else {
			$password = &get_session("pwds");
			if ($password !== null) {
				if ($exception) {
					$message = $exception->getMessage();
				} elseif (is_string($connection)) {
					$message = $connection;
				} else {
					$message = lang('Invalid credentials.');
				}
				$error = h($message);
				$password = null; // forget the rejected password
			}
			unset_permanent();
		}
	}
	page_header(lang('Login'), $error, null);
	echo "<form action='' method='post'>\n";
	$adminer->loginForm();
	echo "<div>";
	hidden_fields($_POST, array("auth")); // expired session
	echo "</div>\n";
	echo "</form>\n";
	page_footer("auth");
}
// A username in the URL means a login attempt or an existing login: make sure a
// database extension is available and open the connection before checking credentials.
if (isset($_GET["username"])) {
	if (!class_exists("Min_DB")) {
		// no driver could be loaded: drop the stored password so the form is shown again
		unset($_SESSION["pwds"][DRIVER]);
		unset_permanent();
		page_header(lang('No extension'), lang('None of the supported PHP extensions (%s) are available.', implode(", ", $possible_drivers)), false);
		page_footer("auth");
		exit;
	}
	$connection = connect();
}
// a string $connection carries the connection error message
$logged_in = (!is_string($connection) && $adminer->login($_GET["username"], get_session("pwds")));
if (!$logged_in) {
	auth_error();
	exit;
}
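$token = $_SESSION["token"]; ///< @var string CSRF protection
if ($auth && $_POST["token"]) {
	// reset token after explicit login: the posted value is replaced by the
	// current one so the login submission itself passes the check below
	$_POST["token"] = $token;
}
// Every posted form must carry the session token. Compared as strings so that
// PHP's loose comparison cannot accept a differently written numeric value.
// An empty $_POST on a POST request means post_max_size was exceeded, because
// Adminer always sends at least the token.
$error = ""; ///< @var string
if ($_POST) {
	if ((string) $_POST["token"] !== (string) $token) {
		$error = lang('Invalid CSRF token. Send the form again.');
	}
} elseif ($_SERVER["REQUEST_METHOD"] == "POST") {
	$error = lang('Too big POST data. Reduce the data or increase the %s configuration directive.', '"post_max_size"');
}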